FCA solicits removal of 90-day Open Banking reauthorisationby
The current FCA consultation paper on payment services and Electric money proposes to exempt fintechs from the 90-day reauthorisation requirement of using Open Banking data. The decision could have big consequences for the future of Open Banking.
The Financial Conduct Authority (FCA) has published consultation paper CP21/3: ‘Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual’.
The paper proposes the following changes to the SCA-RTS (the technical standards on strong customer authentication and common and secure methods of communication):
creating a new SCA exemption in Article 10A so that customers do not need to reauthenticate every 90 days when accessing account information through an AISP
mandating the use of dedicated interfaces (such as APIs) by account providers for certain retail and SME payment accounts
amending requirements relating to technical specifications, testing interfaces and fallback interface
allowing ASPSPs with a deemed authorisation under TPR to rely on exemptions from setting up a fallback interface granted by home state competent authorities
amending the single and cumulative transaction thresholds for contactless payments, increasing the first from £45 to £100 (or potentially a maximum of £120) and the latter from £130 to £200.
According to the FCA, it has identified “barriers’ to successful competition and innovation in the UK payments landscape caused by requirements in the SCA-RTS for Open Banking.
The consultation paper proposes to make amendments to these rules that will support competition and innovation whilst maintaining the safety and security of open banking.
Following the completion of Brexit, the consultation also proposes to update its guidance to reflect the EBA’s and the Commission’s guidance issued prior to IPCD to ensure its guidance remains relevant in the UK.
The benefits of open banking have long been heralded as transformational for consumers and businesses with the technology opening the floodgates to a wave of new financial products.
Open banking allows third-parties to access the financial information your bank holds securely and with your consent.
The ‘opening up’ of financial information, in turn, creates a endless possibilities for financial technology firms to produce services that rely on the information your bank holds.
Having been at the forefront of the implementation of open banking and with a reputation as a world-leading regulatory body, it seems clear that the FCA wants to retain that mantle and press forward with refining the regulations.
The 90-day rule
The biggest proposed change in the consultation is to the 90 days re-authentication rule.
Initial legislation included a strict 90-day reauthorisation requirement under the SCA-RTS standards. This meant that every 90 days, service providers that use a customer’s financial information held by a bank must be reauthorized to maintain access to that information.
Despite being what might first have been considered a minor regulation aimed at bolstering security, the 90-day rule has now become a headache for some open banking service providers.
The open banking service providers or third-party providers (TPPs) argue that the rule stifles innovation and more profoundly, goes against the very principles of competition and creativity that open banking seeks to promote.
Ultimately, TPPs like Xero say the 90-day reauthorisation rule makes life harder for businesses as they struggle to reapply their banking credentials and wastes time for the accountants that must guide businesses through the process.
FCA taking feedback onboard
It seems that FCA are now listening to those arguments.
In the consultation paper the FCA acknowledged that the reauthorisation rule has proven “burdensome for customers, creating friction in the user experience and hindering uptake of open banking services”.
The report adds that the 90-day rule has led to a significant loss of customers when the reauthentication becomes required. The FCA estimates that around 40 percent of customers leave at this point even though they are satisfied with the service.
The change of tack by the FCA, proposing to make third-party providers (TPPs) exempt from the 90-day rule so long as they re-authorise in-app could lead to huge ramifications in the open banking space.
What impact will the exemption have?
Currently, accountants have to chase clients at least four times a year to refresh their bank feed for their bookkeeping. Under these plans, that would no longer be the case, saving accountants time, keeping clients happy and allowing the TPPs to focus on bringing new services.
Importantly, the FCA recognises that the removal of the 90-day rule for TPPs in this way would not compromise security.
How will the changes affect audit?
For audit, the mix of significant efficiency gains from moving away from archaic paper and pdf-based processes, the quality gains from obtaining client transactions directly from source and the fact that most audits only happen annually, means the 90-day rule has not had a negative impact on uptake.
But, as the audit industry continues undergoing dramatic change and slowly moves towards an always-on real-time audit, these slight changes in regulation could bring significant benefits in future.
Open banking services are currently used by over 3 million consumers and businesses in the UK and that number continues to grow exponentially. Between 2018 and 2020, API call volume grew from 66.8 million to nearly 6 billion.
Ultimately, the rapid uptake of open banking in the UK alongside the changes to the 90 day rule is set to drive innovation and growth by giving consumers more control of their own data. The UK is in a very strong position to retain its position as a global fintech leader in a post-pandemic world.
You might also be interested in
Dudley is a Chartered Accountant formerly with KPMG and Moore Kingston Smith. He founded Audapio, a solution leveraging Open Banking to improve audit quality and efficiency before joining Circit as VP of business development.